Overview

 

We operate in a dynamic global environment, with new risks on the horizon that may not yet be fully recognised or understood but may significantly impact society, organisations and individuals as well as the planet. Effective risk management is therefore key to strengthening business resilience, mitigating these effects by responding and adapting quickly.

 

We are guided by a robust risk management framework to ensure business continuity. Our goal is to enhance our risk management capability to meet regulatory expectations, safeguard the Bank’s interests, as well as those of our stakeholders, and to promote long-term business performance.

Enterprise-Wide Risk Management (EWRM) Framework

 

CIMB’s Enterprise-Wide Risk Management (EWRM) Framework provides a comprehensive risk management architecture to identify, assess, manage, and monitor risks across the Group. Key risk categories include credit risk, market risk, operational risk, liquidity risk, and sustainability risk, among others.

Process for Determining Risk Appetite

 

The determination of CIMB’s risk appetite is an integral part of the Group’s risk management process and is guided by:

 

  1. Strategic Objectives: Risk appetite is aligned with CIMB’s long-term business strategy and sustainability commitments, such as our Net Zero goals
  2. Stakeholder Inputs: Inputs from the Board of Directors, Group Risk and Compliance Committee (GRCC), and senior management guide the development of risk appetite parameters
  3. Quantitative and Qualitative Factors: These include financial metrics (e.g., capital adequacy, liquidity ratios), macroeconomic trends, regulatory requirements, and scenario analysis of emerging risks, including sustainability and climate risks
  4. Approval and Oversight: The Board of Directors approves the Group’s risk appetite framework, while the GRCC reviews and monitors adherence to the framework through periodic reports and assessments

Application of Risk Appetite to Specific Risks

 

Risk appetite is cascaded across all risk categories, including sustainability risk. For instance:

 

  • Sustainability Risks: The Sustainability Risk Management Framework integrates risk appetite into sectoral policies and transaction assessments, ensuring alignment with CIMB’s commitment to sustainable finance
  • Credit Risks: Risk limits are set based on the likelihood and impact of default scenarios, informed by stress testing and historical data

Ongoing Review and Adjustment

 

CIMB conducts periodic reviews of the risk appetite framework to ensure alignment with evolving business needs, market conditions, and regulatory developments. These reviews include scenario analyses, stress testing, and consultation with key stakeholders to recalibrate risk thresholds as necessary.

Governance and Accountability

 

  • Board of Directors: Responsible for approving the risk appetite framework and ensuring alignment with CIMB’s strategy.
  • Group Risk Committee (GRCC): Oversees the implementation of the framework, reviews risk appetite metrics, and monitors adherence.
  • First Line of Defense: Operationalises risk appetite through business planning, portfolio management, and transaction decisions.

 

Sustainability Risk Management Framework

 

The Sustainability Risk Management Framework is a key component of CIMB's broader EWRM architecture. The Framework:

 

  • Identifies and assesses sustainability risk components, including environmental, social, economic, and ethical risks
 
  • Defines appropriate governance, supported by relevant policies and procedures
 
  • Utilises risk assessment tools to enhance preparedness for existing and emerging sustainability risks
 
  • Ensures due diligence and assessment of sustainability risk impacts
 
  • Cultivates a risk management culture through the three-lines-of-defense approach and relevant controls and measurements for credible reporting

Risk Management Process

 

Business Planning: Risk management is central to the business planning process, including setting frameworks for risk appetite, risk posture, new products and business activities.

 

Risk Identification and Assessment: Risks are systematically identified and assessed through the robust application of the Group’s risk frameworks, policies, methodologies/standards, and procedures. A risk matrix is utilised to depict the short-term and long-term impact and the likelihood of each individual risk.

 

Risk Measurement: Risks are measured and aggregated using the Group-wide methodologies across each of the risk types, including stress testing.

 

Risk Management and Control: Risk management limits and controls are used to manage risk exposures within the risk appetite set by the Board. Risk management limits and controls are regularly monitored and reviewed in the face of evolving business needs, market conditions and regulatory changes. Corrective actions are taken to mitigate risks.

 

Risk Monitoring and Reporting: Risks on an individual, as well as on a portfolio basis, are regularly monitored and reported to ensure they remain within the Group’s risk appetite.